210-255 · Question #65
Which data type is protected under the PCI compliance framework?
The correct answer is B. primary account number. PCI DSS is specifically designed to protect payment cardholder data, with the Primary Account Number (PAN) being the core data element that triggers PCI scope.
Question
Which data type is protected under the PCI compliance framework?
Options
- Acredit card type
- Bprimary account number
- Chealth conditions
- Dprovision of individual care
How the community answered
(40 responses)- B93% (37)
- C3% (1)
- D5% (2)
Why each option
PCI DSS is specifically designed to protect payment cardholder data, with the Primary Account Number (PAN) being the core data element that triggers PCI scope.
Credit card type (e.g., Visa, Mastercard) is not itself a sensitive data element protected under PCI DSS and does not trigger PCI compliance requirements on its own.
The Primary Account Number (PAN) is the 14-19 digit payment card number and is the central protected data element under PCI DSS. PCI DSS requirements apply whenever a PAN is stored, processed, or transmitted. All other cardholder data elements are only in scope when they are stored alongside the PAN.
Health conditions are protected under HIPAA and related healthcare privacy regulations, not PCI DSS.
Provision of individual care is a healthcare concept governed by HIPAA, not a payment card data element under PCI DSS.
Concept tested: PCI DSS protected cardholder data elements
Source: https://www.pcisecuritystandards.org/document_library/
Topics
Community Discussion
No community discussion yet for this question.